fix: updated IAM permissions for DA (#82)

iamar7 · Md Anam Raihan · web-flow · commit 74ae99517912 · 2025-09-10T19:40:29.000+05:30
* fix: update iam permission

* update iam permission

* update text for DA dependency

* update notes

* resolve comments

---------

Co-authored-by: Md Anam Raihan &lt;md.anam.raihan@ibm.com&gt;
diff --git a/ibm_catalog.json b/ibm_catalog.json
@@ -217,23 +217,30 @@
               "role_crns": [
                 "crn:v1:bluemix:public:iam::::role:Administrator"
               ],
-              "service_name": "iam-identity",
-              "notes": "[Optional] Required if Cloud automation for account configuration is enabled."
+              "service_name": "All Account Management services",
+              "notes": "[Optional] Required to create new resource groups when enabling the Account Configuration integration."
             },
             {
               "role_crns": [
-                "crn:v1:bluemix:public:iam::::serviceRole:Manager",
-                "crn:v1:bluemix:public:iam::::role:Editor"
+                "crn:v1:bluemix:public:iam::::role:Viewer"
               ],
-              "service_name": "sysdig-monitor",
-              "notes": "[Optional] Required for creating a new instance of cloud monitoring."
+              "service_name": "Resource group only",
+              "notes": "Viewer access is required in the resource group you want to provision in."
             },
             {
               "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Administrator"
+              ],
+              "service_name": "All Identity and Access enabled services",
+              "notes": "Required to create an IAM authorization policy between Metrics Router and Cloud Monitoring, and to set up new resource groups with account settings when enabling Account Configuration integration."
+            },
+            {
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::serviceRole:Manager",
                 "crn:v1:bluemix:public:iam::::role:Editor"
               ],
-              "service_name": "metrics-router",
-              "notes": "[Optional] Required if metrics routing to cloud monitoring instance is enabled."
+              "service_name": "sysdig-monitor",
+              "notes": "Required for creating a new instance of Cloud Monitoring."
             }
           ],
           "architecture": {
@@ -257,7 +264,7 @@
           "dependencies": [
             {
               "name": "deploy-arch-ibm-account-infra-base",
-              "description": "Enable to create a resource groups by default where all the resources will be provisioned and, when you enable the “with Account Settings” option, it also applies baseline security and governance settings. When disabled, provide your own resource group via the `existing_resource_group_name` input.",
+              "description": "Organize your IBM Cloud account with preconfigured resource groups. If not selected, the default resource group is used. Optionally, expand to apply recommended security controls via \"with Account Settings\" variation.",
               "id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global",
               "version": "v3.0.7",
               "flavors": [
